in source/model-generator/TaintInTaintOutGenerator.cpp [16:53]
std::vector<Model> TaintInTaintOutGenerator::visit_method(
const Method* method) const {
if (method->get_code() || method->returns_void()) {
return {};
}
const auto class_name = generator::get_class_name(method);
if (!method->is_static() &&
(boost::contains(class_name, "Context;") ||
boost::contains(class_name, "Activity;") ||
boost::contains(class_name, "Service;") ||
boost::contains(class_name, "WebView;") ||
boost::contains(class_name, "Fragment;") ||
boost::contains(class_name, "WebViewClient;") ||
boost::contains(class_name, "ContentProvider;") ||
boost::contains(class_name, "BroadcastReceiver;"))) {
auto model = Model(method, context_);
for (ParameterPosition parameter_position = 1;
parameter_position < method->number_of_parameters();
parameter_position++) {
generator::add_propagation_to_return(
context_,
model,
parameter_position,
{"via-obscure-taint-in-taint-out"});
}
return {model};
}
const auto method_signature = show(method);
if (boost::ends_with(method_signature, ".size:()I") ||
boost::ends_with(method_signature, ".hashCode:()I") ||
boost::starts_with(method_signature, "Ljava/lang/Object;.getClass:")) {
return {};
}
return {Model(method, context_, Model::Mode::TaintInTaintOut)};
}